Problem authenticating WPA2 network: OpenSSL rejects certificate

Berend Dekens wpa
Wed Oct 6 04:45:12 PDT 2010


 On 05/10/10 20:31, Jouni Malinen wrote:
> wpa_supplicant does not have much control on this part when using
> OpenSSL.. Maybe your OpenSSL build has some options that disallows this
> particular certificate for some reason. For example, disabling use of
> MD5 as certificate hash algorithm would be good from security view
> point, but it would result in number of interop issues with old root
> certificates that are still in use.
I verified the certificate with openssl and rebuild openssl with every
option available (and ofcourse recompiled wpa_supplicant afterwards).
Nothing helped.

This bug is known in Ubuntu as
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/284409
and others have it as well. This italian user found the same 'solution'
as I did: disable the verification altogether by removing the ca_cert
option: http://www.slacky.eu/forum/viewtopic.php?p=232793

Since OpenSSL attempts to verify the certificate itself (which is
impossible as it is the root CA), it looks to me like a bug in
wpa_supplicant or OpenSSL. Afaik it is impossible to verify a root CA
certificate as there is nobody able to 'claim' the certificate as being
signed by them.



More information about the Hostap mailing list